Author: joeyh
Date: 2005-02-16 09:14:16 +0100 (Wed, 16 Feb 2005)
New Revision: 414
Modified:
sarge-checks/CAN/list
Log:
automatic CAN database update
Modified: sarge-checks/CAN/list
==================================================================---
sarge-checks/CAN/list 2005-02-15 22:10:59 UTC (rev 413)
+++ sarge-checks/CAN/list 2005-02-16 08:14:16 UTC (rev 414)
@@ -1,3 +1,133 @@
+CAN-2005-0447 (Solaris 7, 8, and 9 allows remote attackers to cause a denial of
...)
+ TODO: check
+CAN-2005-0446 (Squid 2.5.STABLE8 and earlier allows remote attackers to cause a
...)
+ TODO: check
+CAN-2005-0445 (Cross-site scripting (XSS) vulnerability in Open WebMail 2.x
allows ...)
+ TODO: check
+CAN-2005-0444 (VMware before 4.5.2.8848-r5 searches for gdk-pixbuf shared
libraries ...)
+ TODO: check
+CAN-2005-0443 (index.php in CubeCart 2.0.4 allows remote attackers to (1)
obtain the ...)
+ TODO: check
+CAN-2005-0442 (Directory traversal vulnerability in index.php for CubeCart
2.0.4 ...)
+ TODO: check
+CAN-2005-0441 (Unknown vulnerability in Sybase Adaptive Server Enterprise (ASE)
...)
+ TODO: check
+CAN-2005-0440 (ELOG before 2.5.7 allows remote attackers to bypass
authentication and ...)
+ TODO: check
+CAN-2005-0439 (Buffer overflow in ELOG before 2.5.7 allows remote attackers to
...)
+ TODO: check
+CAN-2005-0438 (awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to
obtain ...)
+ TODO: check
+CAN-2005-0437 (Directory traversal vulnerability in awstats.pl in AWStats 6.3
and 6.4 ...)
+ TODO: check
+CAN-2005-0436 (Direct code injection vulnerability in awstats.pl in AWStats 6.3
and ...)
+ TODO: check
+CAN-2005-0435 (awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to
read ...)
+ TODO: check
+CAN-2005-0434 (Multiple cross-site scripting (XSS) vulnerabilities in Php-Nuke
7.5 ...)
+ TODO: check
+CAN-2005-0433 (Php-Nuke 7.5 allows remote attackers to determine the full path
of the ...)
+ TODO: check
+CAN-2005-0432 (BEA WebLogic Server 7.0 Service Pack 5 and earlier, and 8.1
Service ...)
+ TODO: check
+CAN-2005-0431 (Barracuda Spam Firewall 3.1.10 and earlier does not restrict the
...)
+ TODO: check
+CAN-2005-0429 (Direct code injection vulnerability in forumdisplay.php in
vBulletin ...)
+ TODO: check
+CAN-2005-0428 (The DNSPacket::expand method in dnspacket.cc in PowerDNS before
2.9.17 ...)
+ TODO: check
+CAN-2005-0427 (Webmin before 1.170-r3 includes the encrypted root password in
the ...)
+ TODO: check
+CAN-2005-0426 (Unknown vulnerability in Solaris 8 and 9 allows remote attackers
to ...)
+ TODO: check
+CAN-2005-0425 (Unknown vulnerability in IBM Websphere Application Server 5.0,
5.1, ...)
+ TODO: check
+CAN-2005-0424 (Unknown vulnerability in the delete.asp program in certain
versions of ...)
+ TODO: check
+CAN-2005-0423 (SQL injection vulnerability in login.asp in ASPjar Guestbook
allows ...)
+ TODO: check
+CAN-2005-0422 (DelphiTurk CodeBank (aka KodBank) 3.1 and earlier stores
usernames and ...)
+ TODO: check
+CAN-2005-0421 (DelphiTurk FTP 1.0 stores usernames and passwords in the
profile.dat ...)
+ TODO: check
+CAN-2005-0420 (Microsoft Outlook Web Access (OWA), when used with Exchange,
allows ...)
+ TODO: check
+CAN-2005-0419 (Multiple heap-based buffer overflows in 3Com 3CServer allow
remote ...)
+ TODO: check
+CAN-2005-0418
+ NOTE: reserved
+CAN-2005-0417 (Unknown "high risk" vulnerability in DB2
Universal Database 8.1 and ...)
+ TODO: check
+CAN-2005-0416 (The Windows Animated Cursor (ANI) capability in Windows NT,
Windows ...)
+ TODO: check
+CAN-2005-0415 (Multiple memory leaks in the MQL parser in Emdros before 1.1.22
allow ...)
+ TODO: check
+CAN-2005-0414 (SQL injection vulnerability in MercuryBoard 1.1.1 allows remote
...)
+ TODO: check
+CAN-2005-0413 (Multiple SQL injection vulnerabilities in MyPHP Forum 1.0 allow
remote ...)
+ TODO: check
+CAN-2005-0412 (Cross-site scripting (XSS) vulnerability in Spidean PostWrap
allows ...)
+ TODO: check
+CAN-2005-0411
+ NOTE: reserved
+CAN-2005-0410
+ NOTE: reserved
+CAN-2005-0409
+ NOTE: reserved
+CAN-2005-0408
+ NOTE: reserved
+CAN-2005-0407
+ NOTE: reserved
+CAN-2005-0406
+ NOTE: reserved
+CAN-2005-0405
+ NOTE: reserved
+CAN-2005-0404
+ NOTE: reserved
+CAN-2005-0403
+ NOTE: reserved
+CAN-2005-0402
+ NOTE: reserved
+CAN-2005-0401
+ NOTE: reserved
+CAN-2005-0400
+ NOTE: reserved
+CAN-2005-0399
+ NOTE: reserved
+CAN-2005-0398
+ NOTE: reserved
+CAN-2005-0397
+ NOTE: reserved
+CAN-2005-0396
+ NOTE: reserved
+CAN-2005-0395
+ NOTE: reserved
+CAN-2005-0394
+ NOTE: reserved
+CAN-2005-0393
+ NOTE: reserved
+CAN-2005-0392
+ NOTE: reserved
+CAN-2005-0391
+ NOTE: reserved
+CAN-2005-0390
+ NOTE: reserved
+CAN-2005-0389
+ NOTE: reserved
+CAN-2005-0388
+ NOTE: reserved
+CAN-2005-0387
+ NOTE: reserved
+CAN-2005-0386
+ NOTE: reserved
+CAN-2005-0385
+ NOTE: reserved
+CAN-2005-0384
+ NOTE: reserved
+CAN-2004-1488 (wget 1.8.x and 1.9.x does not filter or quote control characters
when ...)
+ TODO: check
+CAN-2004-1487 (wget 1.8.x and 1.9.x allows a remote malicious web server to
overwrite ...)
+ TODO: check
CAN-2005-0383 (Trend Micro Control Manager 3.0 Enterprise Edition allows remote
...)
NOTE: not-for-us (Trend Micro Control Manager)
CAN-2005-0382 (Breed patch 1 and earlier allows remote attackers to cause a
denial of ...)
@@ -594,8 +724,8 @@
CAN-2005-0230 (Firefox 1.0 does not prevent the user from dragging an
executable file ...)
NOTE: I don''t know if this could work under Linux, anything I drag on
the Desktop from firefox is convert to a Link
TODO: check
-CAN-2005-0229
- NOTE: reserved
+CAN-2005-0229 (CitrusDB 0.3.5 and earlier stores the newfile.txt temporary data
file ...)
+ TODO: check
CAN-2005-0228
NOTE: rejected
NOTE: apparently dup of CAN-2004-1388
@@ -639,8 +769,8 @@
NOTE: reserved
CAN-2005-0207
NOTE: reserved
-CAN-2005-0206
- NOTE: reserved
+CAN-2005-0206 (The original patch for integer overflow vulnerabilities in Xpdf
2.0 ...)
+ TODO: check
CAN-2005-0205
NOTE: reserved
CAN-2005-0204
@@ -759,8 +889,7 @@
NOTE: reserved
CAN-2005-0160
NOTE: reserved
-CAN-2005-0159
- NOTE: reserved
+CAN-2005-0159 (The tpkg-* scripts in the toolchain-source 3.0.4 package on
Debian ...)
{DSA-679-1}
CAN-2005-0158
NOTE: reserved
@@ -927,12 +1056,11 @@
{DSA-666-1}
CAN-2005-0088 (The publisher handler for mod_python 2.7.8 and earlier allows
remote ...)
- libapache2-mod-python (unfixed; bug #294835)
-CAN-2005-0087
- NOTE: reserved
+CAN-2005-0087 (The alsa-lib package in Red Hat Linux 4 disables stack
protection for ...)
+ TODO: check
CAN-2005-0086 (Heap-based buffer overflow in less in Red Hat Enterprise Linux 3
...)
NOTE: not-for-us (redhat specific less bug)
-CAN-2005-0085
- NOTE: reserved
+CAN-2005-0085 (Cross-site scripting (XSS) vulnerability in ht://dig (htdig)
before ...)
{DSA-680-1}
- htdig 1:3.1.6-11
CAN-2005-0084 (Buffer overflow in the X11 dissector in Ethereal 0.8.10 through
0.10.8 ...)
@@ -1161,8 +1289,7 @@
{DSA-637-1 DSA-635-1}
CAN-2005-0020 (Buffer overflow in playmidi before 2.4 allows local users to
execute ...)
{DSA-641-1}
-CAN-2005-0019
- NOTE: reserved
+CAN-2005-0019 (Unknown vulnerability in hztty 2.0 and earlier allows local
users to ...)
{DSA-675-1}
CAN-2005-0018 (The f2 shell script in the f2c package 3.1 allows local users to
read ...)
{DSA-661-1}
@@ -1284,7 +1411,7 @@
NOTE: reserved
CAN-2004-1306 (Heap-based buffer overflow in winhlp32.exe in Windows NT,
Windows 2000 ...)
NOTE: not-for-us (Windows)
-CAN-2004-1305 (The Windows Animated Cursor (ANI) in Windows NT, Windows 2000
through ...)
+CAN-2004-1305 (The Windows Animated Cursor (ANI) capability in Windows NT,
Windows ...)
NOTE: not-for-us (Microsoft)
CAN-2004-1304 (Stack-based buffer overflow in the ELF header parsing code in
file ...)
- file 4.12